Individuals commonly use the Internet to access online accounts, such as bank accounts, credit card accounts, web-based email accounts, and the like. In certain circumstances, a user may want to allow others to access these online accounts. For example, a husband may want to share a bank account with his wife, a parent may want to share a credit card account with a child, and a user may want to share his or her financial accounts with an accountant for the duration of the tax season.
Currently, users typically share access to their online accounts by manually sharing their login information (or “credentials”) with another user (the “delegate”). Unfortunately, once shared, users can no longer control the use of credentials by delegates, which may result in a variety of security concerns. For example, delegates may use insecure mechanisms to store credentials. For example, delegates may insecurely store passwords on their computer (such as in an unencrypted text file) or write passwords on insecurely stored paper (such as sticky notes attached to or left in the vicinity of the delegate's computer).
Moreover, the conventional mechanisms used to revoke a delegate's access to an online account may be inefficient and insecure. For example, for certain online accounts, a user may be required to change his or her login information in order to revoke the delegate's access to the online account. In addition, because users often use identical login information for multiple online accounts, an account owner that shares credentials for one account with a delegate may inadvertently share credentials for other accounts as well.